ABSTRACT

A re-authentication procedure between the modems of a public switched telephone network (PSTN) data connection, which is between a computer facility and a user, provides a secure method for protecting the computer facility against an active wire tap, or spoofing, by an intruder. In particular, the user's modem and the computer's modem perform a re-authentication procedure throughout the duration of the data connection. This re-authentication procedure is transparently performed on a side channel of the data connection. This side channel can either be an in-band channel or an out-of-band channel. The re-authentication procedure comprises an exchange of encrypted information between the two modems. If one of the modems detects the presence of an active wire tap, that modem simply interrupts the data connection.

30 Claims, 5 Drawing Sheets 
CONTINUOUS AUTHENTICATION USING AN IN-BAND OR OUT-OF-BAND SIDE CHANNEL

BACKGROUND OF THE INVENTION

The present invention relates to modems and to computer systems. In particular, this invention relates to the use of modems to provide secure access to a computer system.

The use of computers in today's world is continually on the increase; from main-frames to personal computers, more and more people are using computer systems. In fact, it is the accessibility of a computer itself, via a modem and the public switched telephone network (PSTN), that allows almost anyone to benefit from the use of a computer. Unfortunately, this accessibility also seems to attract "intruders," i.e., illegitimate users of a computer system. As a result, the security of a computer system, or even a network of computers, as to both the integrity and distribution of the information stored on a computer, is an item of continuing concern to the legitimate users, owners, and operators of computers.

In response to this need of providing some type of access security to a computer system, various methods are used for authenticating the identity of a user requesting access. One example is the well-known use of a "password." A variation of this, in the case of modem access, is a "password/callback" technique in which the called computer calls back the user at a predetermined telephone number after the password has been successfully entered by the user. Another example is a challenge/response scheme where the computer, or "grantor," sends a random number—the challenge—to the user, or "requestor," and the requestor proves his identity by encrypting the random number using a secret key shared by the grantor and the requestor. In fact, there are industry standards, like ANSI X9.26-1990, "Sign-on Authentication for Wholesale Financial Systems," which provide a strong node-to-node authentication procedure using a "challenge/response" protocol and the Data Encryption Standard (DES) algorithm.

However, password and password/callback techniques offer little protection against someone subsequently taking control of the data connection and thereby "spoofing" the computer system. In addition, the challenge/response method of ANSI X9.26-1990 only provides a method for authenticating a user's identity during the initial sign-on, or login, procedure. In other words, the above-mentioned techniques do not protect against an intruder who uses an "active wire tap" that disconnects the user after the initial sign-on procedure and allows the intruder to take control of the data connection to access the computer.

As a result, if access security to a computer system is of prime concern, as opposed to privacy of the data connection itself, other techniques are required to ensure that a data connection is not vulnerable to an active wire tap. For example, complete encryption of the data stream using DES encryption is one possible means of preventing an intruder from subsequently gaining access. Another alternative is illustrated by U.S. Pat. No. 4,802,217, issued to Michener on Jan. 31, 1989, in which a computer controls a security device that is connected between a user's terminal and the user's modem. In particular, the user dials the computer system, which receives an encrypted first codeword from the security device. The computer then instructs the security device to change the first encrypted codeword to a second encrypted codeword, disconnects the line, and calls back the user. Upon completion of the callback by the computer, the security device then sends the second encrypted codeword to the computer to establish the data connection. Thereafter, the computer periodically instructs the security device to change to another encrypted codeword, upon which the security device sends the new encrypted codeword to the computer, which then checks the received encrypted codeword and thereby verifies the continuing integrity of the data connection to the original user.

Consequently, unless there is a constant re-affirmation of identity, either by full data encryption or, as suggested by the Michener patent, by periodic re-authentication, an intruder can bridge the line and take over the data connection, thereby gaining unauthorized access to resources and information or injecting information to his advantage. However, this prior art, while providing a level of protection against an active wire tap, is not the complete answer to the problem. For example, full data encryption affects both the cost and complexity of the communications system typically involving the computer and the user's terminal. Similarly, the Michener patent requires modification of the computer's software and a separate security device between the user's terminal and the user's modem.

SUMMARY OF THE INVENTION 

The present invention provides the users, owners, and operators of computers with flexibility in providing access security against an active wire tap of a PSTN data connection to a computer. In particular, we have realized that the one component typically common in a PSTN data connection is the equipment that mediates between the terminal equipment and the transmission medium, i.e., the modem itself. Therefore, and in accordance with the principles of this invention, access security is provided to a PSTN data connection by a continuous re-authentication procedure between the modems. This continuous re-authentication procedure occurs in a non-interfering manner by using a side channel of the data connection to periodically or aperiodically send authentication information during the duration of the data connection. The side channel can be in-band, where the re-authentication information is time-division multiplexed in between any data transmissions, or the side channel can be out-of-band, where a narrow portion of the available bandwidth is used to exchange the re-authentication information using frequency division multiplexing (FDM) techniques. As a result, access security is transparently provided to the PSTN data connection and neither additional security devices, nor modification of the user's equipment, or the computer system, is required.

In one embodiment of the invention, both the answering modem and the originating modem support the DES algorithm and the answering modem re-authenticates the originating modem. In order to re-authenticate the originating modem, the answering modem occasionally initiates a challenge/response sequence throughout the duration of the data connection. In particular, the answering modem comprises a list of data encryption keys where each data encryption key corresponds to an identifier that is associated with a particular modem. Upon answering a telephone call, the answering modem requests the originating modem to identify itself, by sending its identifier, so that the answering modem can select the associated data encryption key. Thereafter, the answering modem occasionally generates a random number that is sent as a challenge to the originating modem, which, upon receiving the challenge, returns a response to the answering modem. This response is an encrypted form of the random number, where the originating modem's encryption process uses a data encryption key that is identical to the data encryption key used by the answering modem. The latter decrypts the response and compares it to the challenge. If the decrypted response and the challenge match, the originating modem's identity has been verified. On the other hand, if the decrypted response and the challenge do not match, indicating that a possible spoofing attempt has been detected, the answering modem merely drops the data connection.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a block diagram of a point-to-point data communications system;
FIG. 2 is a block diagram of a modem embodying the principles of the invention that is used in the data communications system of FIG. 1;
FIG. 3 is a flow diagram of a method used in the modem of FIG. 2;
FIG. 4 is a flow diagram showing the re-authentication procedure embodying the principles of the invention;
FIG. 5 is a flow diagram of another method used in the modem of FIG. 2;
FIG. 6 is a diagram showing an out-of-band side channel for use in the modem of FIG. 2; and
FIG. 7 is a diagram showing an in-band side channel for use in the modem of FIG. 2.

DETAILED DESCRIPTION

A point-to-point data communications system is shown in FIG. 1. In the following example, it is assumed a calling party (the user) at terminal 110 originates a telephone call in order to access the called party (computer 150) through originating modem 120, telephone network 130, and answering modem 200. Lines 201 and 121 are representative of typical "tip/ring," or local loop, access provided by telephone network 130. Both modems 120 and 200 embody the principles of the invention; however, for simplicity only modem 200 is shown in detail in FIG. 2. Except for the inventive concept discussed below, modem 200 is representative, as is known in the art, of data communications equipment, which interfaces data terminal equipment, e.g., computer 150, to a data circuit, here the PSTN. The PSTN is represented by lines 201 and 121, and telephone network 130. In particular, in the context of this invention, the term data communications equipment means an apparatus that provides 1) the functions required to establish a data connection and 2) provides for the signal conversion and coding between the data terminal equipment and the data circuit.

Modem 200 comprises memory 220, CPU 210, digital signal processor (DSP) 250, data encryption processor 230, data communications interface 260, and data terminal interface 240. CPU 210 is a microprocessor central processing unit, which operates on, or executes, program data stored in memory 220, via path 211. Memory 220 is representative of random access memory, and comprises a number of representative storage locations, of which a subset is shown in FIG. 2. It is assumed that memory 220 includes key list 221. Data encryption processor 230 supports the DES encryption standard and operates on data supplied by CPU 210 via lead 213. Illustratively, data encryption processor 230 functions in accordance with the "electronic code-book encryption" process specified by the DES Standard, e.g., "Federal Information Processing Standard 46." It should be noted that for clarity data encryption processor 230 is shown separate from CPU 210 and memory 220. However, as will become clear from the following description, an alternative, and less costly, implementation is one where the data encryption algorithm executed by data encryption processor 230 is simply directly performed by CPU 210, which would execute a data encryption program stored in memory 220. Finally, for simplicity, it is assumed that DSP 250 includes other well-known processing functions and circuitry, like filters, analog-to-digital converters and digital-to-analog converters for processing an incoming or outgoing signal.

As a result of the originating telephone call from modem 120, modem 200 receives an incoming signal, on lead 201, from telephone network 130. This incoming signal is applied by data communications interface 260 to DSP 250. The latter, under the control of CPU 210, performs a CCITT V.32 call establishment sequence that includes modem handshaking and training to establish the data connection with modem 120. After the establishment of the data connection, DSP 250 performs the signal conversion and coding for the resultant data streams between computer 150, via data terminal interface 240, and terminal 110, via data communications interface 260, etc.

In accordance with the principles of this invention, answering modem 200 provides a user transparent (cryptographic) one-way node-to-node re-authentication of originating modem 120 via a challenge/response protocol, which is illustrated in the flow diagram of FIG. 3. In particular, after establishing the data connection with originating modem 120 in step 305, CPU 210 proceeds to step 310 and sends a request to modem 120 for its modem identification (ID) number, via DSP 250. The modem ID number is a predetermined number assigned to the originating modem (discussed below). If CPU 210 does not receive the originating modem's ID number in step 315, CPU 210 simply sends a message "access denied" and drops the data connection in step 350. However, if CPU 210 receives the originating modem's ID number, CPU 210 proceeds to step 320 and retrieves from key list 221 a corresponding data encryption key. Key list 221 is stored in memory 220 a priori and represents a plurality of modem ID numbers, each of which represents a possible originating modem, where each modem ID number is associated with a data encryption key. This associated data encryption key, like the modem ID, is also determined a priori in the originating modem.

After retrieving the associated data encryption key for modem 120, CPU 210 randomly generates a number which is known as a challenge in step 325. This challenge is sent to modem 120 in step 330. Upon receiving the challenge from modem 200, modem 120 encrypts the challenge, via its data encryption processor (not shown), to generate a response, i.e., a form of "cipher text," which is sent back to modem 200. The encryption performed by modem 120 uses its stored data encryption key, mentioned above. Both the challenge and the response each comprise at least 20 bits of data so that there is a one in a million chance of discovery of the correct response. If CPU 210 does not receive a response from modem 120 in step 335, CPU 210 sends a message "access denied" and drops the data connection in step 350. However, if CPU 210 receives a response, CPU 210 proceeds to step 340 and decrypts the response using the associated data encryption key retrieved in step 320. The decryption of the received response is performed by CPU 210 via data encryption processor 230, which supports the DES encryption standard. CPU 210 then verifies the identity of modem 120. If the decrypted response and the challenge do not match in step 345, CPU 210 sends a message "access denied" and interrupts, e.g., drops, the data connection in step 350. (It should be noted at this point that other alternatives for answering modem 200 exist, e.g., instead of dropping the data connection, initiating a "trace" of the data connection.) However, if CPU 210 verifies the identity of modem 120, i.e., the decrypted response and the challenge match, CPU 210 does not disturb the data connection and proceeds to step 355, where it checks if this is the completion of the first re-authentication attempt. If this is the completion of the first re-authentication attempt, CPU 210 enables the transfer of data information between modem 200 and modem 120 in block 360. Once the data transfer is enabled, subsequent re-authentication attempts bypass step 360 and proceed directly to step 370, where CPU 210 sets an interrupt for a predetermined period of time T. After the period of time, T, passes, CPU 210 re-authenticates the data connection by repeating steps 325 through 345. This re-authentication process continues for the duration of the data connection.

The above-described authentication process is also shown in FIG. 4. Answering modem 200, the grantor, transmits a "send modem ID" message 605 to originating modem 120, the requestor, which responds by transmitting its modem ID. [...]

An alternative method to the one described above is shown in FIG. 5. The only difference is in steps 540 and 545. In step 540, modem 200 encrypts the challenge that was transmitted to modem 120 in step 330. The challenge is encrypted using the data encryption key associated with modem 120 and retrieved in step 320. A verification of the identity of modem 120 is performed by comparing the encrypted challenge and the response from modem 120 in step 545. As described above, if the challenge as encrypted by modem 120, i.e., its response, matches the challenge as encrypted by modem 200, then the data connection is not disturbed and CPU 210 proceeds to step 355. However, if a match does not occur, the data connection is interrupted in step 350.
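The FIG. 3 loop (request the ID, select the key from the key list, challenge, verify by decrypting, drop the connection on a mismatch, repeat after T) and the FIG. 5 variant (verify by encrypting the challenge instead) in runnable form, as an added example that is not code from the patent. DES-ECB is replaced by a small Feistel block cipher built on HMAC-SHA256, a hypothetical stand-in with DES's 64-bit block chosen so the script needs only the Python standard library; the class names, the key list contents and the wire-tap scenario in which a party without the key takes over after sign-on are constructed for illustration.

```python
"""Modem re-authentication loop of FIG. 3 / FIG. 5, simulated.

Added example, not code from the patent. DES-ECB is replaced by a 4-round
Feistel block cipher whose round function is HMAC-SHA256 (hypothetical
stand-in, same 64-bit block as DES). IDs, keys and the intruder scenario
are constructed sample values.
"""
import hashlib
import hmac
import secrets

BLOCK_BYTES = 8   # DES block size, kept by the stand-in cipher
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function of the stand-in cipher (4-byte output).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block in ECB fashion (stand-in for DES)."""
    assert len(block) == BLOCK_BYTES
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, right, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt; needed for the FIG. 3 decrypt-and-compare check."""
    assert len(block) == BLOCK_BYTES
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, left, rnd)), left
    return left + right


class OriginatingModem:
    """Requestor (modem 120): stores its modem ID and its secret key."""

    def __init__(self, modem_id: str, key: bytes):
        self.modem_id = modem_id
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        # The response is simply the challenge encrypted under the shared key.
        return block_encrypt(self.key, challenge)


class AnsweringModem:
    """Grantor (modem 200): holds key list 221 and drives the challenge/response loop."""

    def __init__(self, key_list):
        self.key_list = dict(key_list)   # modem ID -> data encryption key
        self.session_key = None

    def select_key(self, modem_id) -> bool:
        """Steps 315/320: look the received identifier up in the key list."""
        self.session_key = self.key_list.get(modem_id)
        return self.session_key is not None

    @staticmethod
    def new_challenge() -> bytes:
        """Step 325: fresh random challenge (64 bits, well above the 20-bit minimum)."""
        return secrets.token_bytes(BLOCK_BYTES)

    def verify_by_decrypting(self, challenge: bytes, response: bytes) -> bool:
        """FIG. 3, steps 340/345: decrypt the response and compare with the challenge."""
        return hmac.compare_digest(block_decrypt(self.session_key, response), challenge)

    def verify_by_encrypting(self, challenge: bytes, response: bytes) -> bool:
        """FIG. 5, steps 540/545: encrypt the challenge and compare with the response."""
        return hmac.compare_digest(block_encrypt(self.session_key, challenge), response)


def run_session(answering, originating, attempts, intruder_from=None, use_fig5=False):
    """Run `attempts` re-authentications; return ("ok", n), ("dropped", n) or ("denied", 0).

    intruder_from (constructed scenario): from that attempt on, responses come from
    a party that does not hold the key, modelling an active wire tap that takes over
    the line after sign-on. The wait of period T between attempts is elided.
    """
    if not answering.select_key(originating.modem_id):
        return ("denied", 0)                                        # steps 315/350
    intruder = OriginatingModem(originating.modem_id, secrets.token_bytes(16))
    verify = answering.verify_by_encrypting if use_fig5 else answering.verify_by_decrypting
    for attempt in range(1, attempts + 1):
        challenge = answering.new_challenge()                       # steps 325/330
        party = intruder if intruder_from is not None and attempt >= intruder_from else originating
        if not verify(challenge, party.respond(challenge)):
            return ("dropped", attempt)                             # steps 345/350
        # steps 355/360/370: data transfer stays enabled; wait T, then repeat
    return ("ok", attempts)


# Constructed sample key list 221 and a legitimate originating modem.
KEY_LIST = {
    "MODEM-120": bytes.fromhex("0123456789abcdef"),
    "MODEM-121": bytes.fromhex("fedcba9876543210"),
}
LEGIT = OriginatingModem("MODEM-120", KEY_LIST["MODEM-120"])

if __name__ == "__main__":
    print("clean session:   ", run_session(AnsweringModem(KEY_LIST), LEGIT, 5))
    print("tap at attempt 3:", run_session(AnsweringModem(KEY_LIST), LEGIT, 5, intruder_from=3))
```

Running the script prints the outcome of a clean five-attempt session and of one in which a responder without the key takes over from the third attempt; the latter is dropped on exactly that attempt, which is the detection property the patent relies on. Because each challenge is fresh, a recorded earlier response is of no use to the taker-over, and both verification styles agree because the stand-in cipher, like DES, is invertible.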
The above-described re-authentication process of FIGS. 3 and 5 takes place on a side channel of the data connection. In other words, a portion of the bandwidth of the data connection is used to transport the re-authentication information. As a result, the data connection comprises a primary channel—for transporting the data—and a side channel—for transporting ancillary information. This side channel essentially multiplexes the re-authentication information with the transport of data. Specifically, for a side channel, either an in-band channel or an out-of-band channel is used.

An example of an out-of-band side channel is one that does frequency-division-multiplexing (FDM) of the data and the re-authentication information. This form of out-of-band channel is also known as a "secondary channel," which is typically a narrow part of the frequency spectrum that is dedicated to a low bit rate channel. An illustrative frequency spectrum is shown in FIG. 6, where it is assumed that the data connection comprises primary channel 410, with bandwidth f_p, which transmits the data information, and ancillary, or narrow-band, channel 405, with bandwidth f_n, which transmits the re-authentication information.

An example of an in-band side channel is one that performs time-division-multiplexing of the data and the re-authentication information. This is shown in FIG. 7, where it is assumed that the actual structure for transacting data between modem 200 and modem 120 utilizes an underlying modem protocol, like a modified version of CCITT V.42. The latter is an HDLC-like protocol that comprises "data frames" for the transmission of data and "control frames" for the transmission of control, or ancillary, information. As shown in FIG. 7, data frames, like data frame 510, are time-division-multiplexed with control frames, like control frame 505. The re-authentication information is simply transmitted between modems 200 and 120 using known techniques within control frame 505.
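A toy version of the in-band side channel, as an added example that is neither the patent's own code nor CCITT V.42 framing: control frames carrying re-authentication messages are time-division multiplexed with data frames, and the receiving side separates them again so that the user data passes through unchanged, which is what makes the side channel transparent to the terminal and the computer. The frame layout (type byte, length byte, payload), the 16-byte data frame payload, the one-control-frame-per-two-data-frames ratio and the sample messages are assumptions made for this example.

```python
"""In-band side channel as time-division multiplexing of data and control frames.

Added example, not from the patent. Frame format (1-byte type, 1-byte
length, payload) and interleave policy are constructed assumptions.
"""
from typing import Iterator, List, Tuple

DATA_FRAME = 0x00
CONTROL_FRAME = 0x01
MAX_PAYLOAD = 16        # assumed data frame payload size
CONTROL_EVERY = 2       # emit a pending control frame after this many data frames


def encode_frame(ftype: int, payload: bytes) -> bytes:
    if len(payload) > 255:
        raise ValueError("payload too long for the 1-byte length field")
    return bytes([ftype, len(payload)]) + payload


def multiplex(data: bytes, control_msgs: List[bytes]) -> bytes:
    """Interleave control frames (re-auth challenges/responses) into the data stream."""
    pending = list(control_msgs)
    out = bytearray()
    data_frames = 0
    for off in range(0, len(data), MAX_PAYLOAD):
        out += encode_frame(DATA_FRAME, data[off:off + MAX_PAYLOAD])
        data_frames += 1
        if pending and data_frames % CONTROL_EVERY == 0:
            out += encode_frame(CONTROL_FRAME, pending.pop(0))
    # Re-authentication must not wait for user traffic: flush what is still pending.
    for msg in pending:
        out += encode_frame(CONTROL_FRAME, msg)
    return bytes(out)


def _frames(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk the frame stream, rejecting truncated frames instead of silently dropping them."""
    pos = 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated frame header")
        ftype, length = stream[pos], stream[pos + 1]
        payload = stream[pos + 2:pos + 2 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        yield ftype, payload
        pos += 2 + length


def demultiplex(stream: bytes) -> Tuple[bytes, List[bytes]]:
    """Split a frame stream back into the user data and the side-channel messages."""
    data = bytearray()
    control: List[bytes] = []
    for ftype, payload in _frames(stream):
        if ftype == DATA_FRAME:
            data += payload
        elif ftype == CONTROL_FRAME:
            control.append(payload)
        else:
            raise ValueError(f"unknown frame type {ftype:#x}")
    return bytes(data), control


def frame_sequence(stream: bytes) -> List[int]:
    """Frame types in wire order, to make the multiplexing pattern visible."""
    return [ftype for ftype, _ in _frames(stream)]


# Constructed sample traffic: 52 bytes of user data and two side-channel messages.
SAMPLE_DATA = b"GET /reports/q3 HTTP/1.0\r\n" * 2
SAMPLE_CONTROL = [
    b"CHAL:" + bytes.fromhex("8a2f71c0d4e65b19"),
    b"RESP:" + bytes.fromhex("3c91e7a5f0b2d468"),
]

if __name__ == "__main__":
    wire = multiplex(SAMPLE_DATA, SAMPLE_CONTROL)
    print("frame pattern (0=data, 1=control):", frame_sequence(wire))
    data, control = demultiplex(wire)
    print("user data intact:", data == SAMPLE_DATA, "| control msgs:", control)
```

With the sample traffic the wire carries the pattern data, data, control, data, data, control, and the demultiplexed user data is byte-for-byte the input; the re-authentication handler on each side only ever sees the control payloads. A truncated stream raises rather than being parsed as a shorter but valid exchange.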
As described above, the originating modem and answering modem share the same data encryption key. [...] In addition, the originating modem must store its modem ID. Finally, one, or both, of these modems maintains the above-described key list, which is a list of possible originating modem IDs with respective data encryption keys that are identical to the data encryption key stored in the identified modem. All of this information is initialized a priori using well-known techniques for administration of modem parameters. For example, this information can be entered via a terminal connected to the modem, or can be remotely initialized by the use of "downloading" techniques.

Although the above-described repetitive re-authentication protocol illustrates a challenge/response protocol, other re-authentication protocols are possible. For example, although less secure than the above-described approach, modems 120 and 200 can use a simple password technique in which each modem comprises an identical list of passwords, where each password is associated with a number. In this context, the challenge sent by modem 200 is simply one of the numbers that is associated with a password. The response by modem 120 is simply the password assigned to that number (challenge). Modem 200 then compares the received password (response) with the correct password as indicated on its list of passwords in order to determine the authentication of modem 120.

Another example, which is as secure as the above-described symmetric data encryption challenge/response protocol, is the use of a "public key" technique, which is an "asymmetric" form of data encryption like the currently proposed "Digital Signature Standard" developed by the U.S. National Institute of Standards and Technology (NIST). The public key technique is asymmetric because different keys are used for encryption and decryption. Furthermore, one key is kept secret; the other key can be made public knowledge. In particular, modem 200 sends a challenge, as described above, to modem 120. However, modem 120 returns the challenge with a "digital signature" and a "certificate" attached. The digital signature is a digital bit pattern that is a function of the challenge and modem 120's secret data encryption key, which is not known to modem 200. The certificate, as is known in the art, includes identification information from modem 120 and the public key. In this approach, modem 200 does not have to keep a list of modem identifiers and associated data encryption keys since the "requestor" will always supply the public key.

The foregoing merely illustrates the principles of the invention and it will thus be appreciated that those skilled in the art will be able to devise numerous alternative arrangements which, although not explicitly described herein, embody the principles of the invention and are within its spirit and scope.

For example, although the continuous re-authentication process described above was illustrated in the context of a modem-to-modem data connection, other forms of data communications equipment, like terminal adaptors, can perform this continuous re-authentication. In addition, although the re-authentication is continuous, the time delay, T, between re-authentication attempts does not have to be periodic, but can be "aperiodic," i.e., variable, throughout the duration of the data connection. Further, other forms of side channels are possible, like modulation of the primary signal point constellation. Also, although, as described above, the originating modem's ID was received after the handshaking process, the receipt of modem identification information can occur during the handshaking process. Also, although the above example illustrated a one-way challenge/response authentication using encryption, a two-way authentication protocol can be used [...] to provide re-authentication, in which the originating modem performs similar steps to the answering modem as described above and shown in FIG. 3. Specifically, the originating modem requests the answering modem to identify itself, and the originating modem issues a challenge that must be correctly encrypted by the answering modem. If the decrypted response of the answering modem does not match the originating modem's challenge, the originating modem interrupts the data connection.

We claim:

1. Apparatus for re-authenticating a user of a data connection, the data connection comprising a primary channel and a side channel, the apparatus comprising:

means for sending and receiving to a) send a request for identification to the user and receive an identifier from the user and b) send a plurality of challenges to and receive a plurality of responses from the user on the side channel, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

means for verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses;

wherein the means for verifying encrypts each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the user and wherein the means for verifying compares each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

2. The apparatus of claim 1 wherein the means for verifying is a function of a symmetric data encryption algorithm.

3. The apparatus of claim 1 wherein the means for verifying is a function of an asymmetric data encryption algorithm.

4. The apparatus of claim 1 wherein each one of the respective challenges is a random number and the means for verifying and the means for sending are included in a data communications equipment apparatus.

5. The apparatus of claim 1 wherein the side channel is an in-band channel.

6. The apparatus of claim 5 wherein the in-band channel is time division multiplexed with the primary channel.

7. The apparatus of claim 1 wherein the side channel is an out-of-band channel.

8. The apparatus of claim 7 wherein the out-of-band channel is frequency division multiplexed with the primary channel.

9. Data communications equipment apparatus for re-authenticating a user of a data connection [...], the apparatus comprising:

means for sending and receiving to a) send a request for identification to a second data communications equipment apparatus and receive an identifier from the second data communications equipment apparatus and b) send a plurality of challenges to and receive a plurality of responses from the second data communication equipment apparatus of the user, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

means for verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses;

wherein the means for verifying encrypts each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus and wherein the means for verifying compares each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

10. The apparatus of claim 9 wherein the means for verifying is a function of a symmetric data encryption algorithm.

11. The apparatus of claim 9 wherein the means for verifying is a function of an asymmetric data encryption algorithm.
12. The apparatus of claim 9 wherein each one of the respective challenges is a random number and the data communications equipment apparatus is a modem.

13. A method for re-authenticating a user of a data connection, the data connection comprising a primary channel and a side channel, the method comprising the steps of:

sending a request for identification to the user and receiving an identifier from the user in response thereto;

sending a plurality of challenges to and receiving a plurality of responses from the user on the side channel, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses;

wherein the step of verifying encrypts each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the user and wherein the step of verifying compares each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

14. The method of claim 13 wherein the step of verifying is a function of a symmetric data encryption algorithm.

15. The method of claim 13 wherein the step of verifying is a function of an asymmetric data encryption algorithm.

16. The method of claim 13 wherein each one of the respective challenges is a random number.

17. The method of claim 13 wherein the side channel is an in-band channel.

18. The method of claim 17 wherein the in-band channel is time division multiplexed with the primary channel.

19. The method of claim 13 wherein the side channel is an out-of-band channel.

20. The method of claim 19 wherein the out-of-band channel is frequency division multiplexed with the primary channel.

21. A method for re-authenticating a user of a data connection for use in a first data communications equipment apparatus, the data connection comprising the first data communications equipment apparatus and a second data communication equipment apparatus of the user, the method comprising the steps of:

a) sending a request for identification to the second data communications equipment apparatus and receiving an identifier from the second data communications equipment apparatus;

b) sending a plurality of challenges to and receiving a plurality of responses from the second data communication equipment apparatus, where each one of the plurality of responses corresponds to a respective one of the plurality of challenges; and

c) verifying each one of the plurality of responses as a function of each one of the respective plurality of challenges to provide an output representative of the verification of each one of the plurality of responses wherein the verifying step includes:

encrypting each one of the plurality of challenges, where the encryption is a function of a data encryption key that is selected as a function of the identifier of the second communications equipment apparatus; and

comparing each one of the plurality of responses with each respective one of the plurality of encrypted challenges to provide the output representative of verification, whereby if there is a mismatch between a respective one of the plurality of encrypted challenges and the one of the plurality of responses the data connection is interrupted.

22. The method of claim 21 wherein the verifying step b) is a function of a symmetric data encryption algorithm.

23. The method of claim 21 wherein the verifying step b) is a function of an asymmetric data encryption algorithm.

24. The method of claim 21 wherein each one of the respective challenges is a random number and the data communications equipment apparatus is a modem.

25. A method for re-authenticating a user of a data connection, the data connection comprising a first data communications equipment apparatus and a second data communications equipment apparatus, the method comprising the steps of:

a) storing in the first data communications equipment apparatus a key list comprising a plurality of identification numbers, each identification number associated with a data encryption key;

b) receiving in the first data communications equipment apparatus an identification number from the second data communications equipment apparatus;

c) retrieving from the key list the data encryption key associated with the identification number received from the second data communications equipment apparatus;

d) sending a challenge from the first data communications equipment apparatus to the second data communications equipment apparatus, the challenge comprising a number;

e) receiving in the first data communications equipment apparatus a response from the second data communications equipment apparatus, the response comprising a number; and

f) processing the response from the second data communications equipment apparatus by encrypting the challenge as a function of the retrieved data encryption key to provide an encrypted challenge; and

g) comparing the response with the encrypted challenge and repeating steps d) through g) if the response is equal to the encrypted challenge and interrupting the data connection if the response is not equal to the encrypted challenge.

26. The method of claim 25 wherein the first data communications equipment apparatus is the originator of the data connection.

27. The method of claim 25 wherein the second data communications equipment apparatus is the originator of the data connection.

28. The method of claim 25 wherein the challenge of step d) and the response of step e) are carried by a side channel over the data connection.

29. The method of claim 25 wherein the side channel is an in-band channel.

30. The method of claim 25 wherein the side channel is an out-of-band channel.